This is not a UNHCR publication. UNHCR is not responsible for, nor does it necessarily endorse, its content. Any views expressed are solely those of the author or publisher and do not necessarily reflect those of UNHCR, the United Nations or its Member States.

Introduction

Estonia ranks among the most wired and technologically-advanced countries in the world. With a high internet penetration rate and widespread e-commerce and e-government services embedded into the daily lives of individuals and organizations, Estonia has become a model for free internet access as a development engine for society. Only 20 years ago, when the country regained independence in 1991 after nearly 50 years of Soviet rule, its infrastructure was in disastrous condition. The country's new leadership, however, perceived the expansion of information and communication technologies (ICTs) as a key to economic growth and invested heavily in their development.

The first internet connections in the country were introduced in 1992 at academic facilities in Tallinn and Tartu. The government subsequently worked with private and academic entities to initiate in 1996 a program called Tiger Leap, which aimed to computerize and establish internet connections in all Estonian schools by 2000. This program helped to build general competence and awareness of ICTs. Today, with a high level of computer literacy and connectivity already established, the program's focus has shifted from basic concerns such as access, quality, and cost of internet services to discussions about security, anonymity, the protection of private information, and citizens' rights on the internet. Children's safety on the internet is a high priority, and the special program "Targalt Internetis" (Wiser Internet) is dedicated to country-wide training and awareness-building activities on internet safety issues for parents and children. In addition, a majority of users conduct business and e-government transactions over the internet.[1]

Over the past two years, the issue of copyright protection on the internet has become a widely debated topic in Estonia and various organizations that represent the interests of authors and other copyright holders have come at the forefront of the effort to remove copyright-protected content from popular services such as YouTube. Moreover, the issue of legal liability of online forums for the comments posted by anonymous users continues to be watched by free expression advocates with an important ruling by the European Court of Human Rights expected in late 2012.

Obstacles to Access

The number of internet and mobile telephone users in Estonia has grown rapidly in the past 20 years. According to 2011 statistics from the International Telecommunication Union (ITU), internet penetration in Estonia is 76.5 percent (approximately 993,000 people).[2] There are also nearly 1.9 million mobile phone subscriptions as of 2011, translating into a mobile phone penetration rate of 139 percent. This outsized figure is commonly attributed to the growing popularity of machine-to-machine (M2M) services, widespread use of mobile internet access devices, use of more than one mobile phone by individual Estonians, and the growing number of visitors who use local subscriptions while in the country.

The first public WiFi area was launched in 2001, and since then the country has developed a system of mobile data networks that enable widespread wireless broadband access. In 2011, the country had over 2,400 free, certified WiFi areas meant for public use, including at cafes, hotels, hospitals, schools, and even gas stations, and the government has continued to invest in public WiFi.[3] In addition, a countrywide wireless internet service based on CDMA technology has been deployed and priced to compete with fixed broadband access. Three mobile operators cover the country with mobile 3G and 3.5G services, and penetration of 4G networks is increasingly attracting subscribers. Municipalities in rural areas have been subsidizing local wireless internet deployment efforts, and the country's regulatory framework presents low barriers to market entry, enabling local start-ups to proliferate.

Estonians use a large variety of internet applications, including search engines (85 percent of users), email (83 percent), local online media, news portals, social-networking sites, instant messaging, and internet-based voice services.[4] In addition, 83 percent of the population uses the internet for online banking – the second highest percentage in the European Union (EU).[5] Estonian Public Broadcasting delivers all radio channels and its own TV production services including news in real time over the internet; it also offers archives of its radio and television programs at no charge to users. YouTube, Facebook, LinkedIn and many other international video-sharing and social-networking sites are widely available and popular. Moreover, 21 percent of Estonians use the internet for uploading and sharing original content such as photographs, music, and text – the highest level of shared public communication in Europe.[6]

The Estonian Electronic Communications Act was passed in late 2004 and a number of amendments have further been added to help develop and promote a free market and fair competition in electronic communications services.[7] Today, there are over 200 operators offering such services, including six mobile phone companies and numerous internet service providers (ISPs). ISPs and other communications companies are required to register with the Estonian Technical Surveillance Authority (ETSA), a branch of the Ministry of Economic Affairs and Communications, though there is no registration fee.[8]

In 2009, the Estonian Internet Foundation was established to manage Estonia's top level domain, ".ee."[9] With its multi-stakeholder foundation, the organization represents the Estonian internet community internationally and has succeeded in overseeing various internet governance issues such as the domain name registration process. However, due to concerns over the foundation's domain registration pricing policy[10] and management capabilities,[11] the foundation's substantive work has been paralyzed in 2012, and the Estonian government is currently seeking consultation with other stakeholders to help recover the progress of the foundation, including meetings with the Internet Users Advisory Board.

Limits on Content

Restrictions on internet content and communications in Estonia are among the lightest in the world. Nevertheless, due in part to Estonia's strong privacy laws, there are some instances of content removal. Most of these cases involve civil court orders to remove inappropriate or off-topic reader comments from news sites. Comments are similarly removed from online discussion forums and other sites. Generally, users are informed about a given website's privacy policy and rules for commenting, which they are expected to follow. Most of the popular online services have established policies that outline a code of conduct for the responsible and ethical use of their services and have enforcement policies in place.

In 2008, a debate over self-censorship and pre-publication censorship took center stage when the victim of unflattering and largely anonymous comments on a news story filed suit, claiming that web portals must be held responsible for reader comments and screen them before they become public.[12] Website owners argued that they did not have the capacity to monitor and edit all comments made on their sites. Nonetheless, the Estonian courts ruled in favor of the plaintiff, making web portals responsible for all comments posted. The ruling was appealed to the European Court of Human Rights and is expected to have its decision made by late 2012.

In January 2010, a new law on online gambling came into force, requiring all domestic and foreign gambling sites to obtain a special license or face access restrictions. As of June 2012, the Estonian Tax and Customs Board had placed 636 websites on its list of illegal online gambling sites, requiring Estonian ISPs to block them.[13]

In 2011, the removal of online content related to possible copyright infringement on YouTube increased, facilitated greatly by requests of copyright enforcement organizations representing Estonian authors. Hundreds of videos have been removed from YouTube for copyright violations even though some of the videos were posted by the authors themselves who were apparently not aware of the activities of copyright enforcement organizations representing their rights.[14]

There are over 70,000 active Estonian-language blogs on the internet, including an increasing number of group, project, and corporate blogs. The vibrancy and activities of the blogosphere are frequently covered by traditional media, particularly when blog discussions center on civic issues. The fact that so many Estonians are both computer literate and connected to the internet has created unique opportunities for the Estonian government. In addition to hosting virtual trade fairs and an online embassy, the Estonian president's office has its own Twitter, Facebook and YouTube channel, and releases messages exclusively on YouTube.[15]

Estonia has the largest functioning public-key infrastructure[16] in Europe, based on the use of electronic certificates maintained on the national identification (ID) card.[17] More than 1.2 million active ID cards are in use, which enable both electronic authentication and digital signing.[18] The Digital Signature Act, adopted in 2000,[19] gives an individual's digital signature the same weight as a handwritten one and requires public authorities to accept digitally-signed documents. Estonian ID cards were used to facilitate electronic voting during the parliamentary elections in 2007 and were used again in the 2009 municipal and European Parliament elections. During the 2011 national parliamentary elections, 140,846 votes were cast over the internet, representing over 20 percent of all votes. In 2011, 94 percent of citizens filed their taxes online, making the web services offered by the tax department the most popular public e-service. Over 63 percent of internet users regularly use e-government services, and 77 percent have indicated their satisfaction with such services.[20]

In early 2012, Estonian daily newspapers and TV raised public awareness on the progress of the Anti-Counterfeiting Trade Agreement (ACTA) and its developments in the European Union. As in many other countries, the Estonian government's initial position on ACTA's possible negative implications on user privacy was formal, stating that nothing would change if ACTA was ratified.[21] From February 8-20, 2012, the discussion on ACTA escalated in public media and political debates, which were crucially influenced by the internet user community and experts. On February 11th, demonstrations against ACTA were held in Tallinn and Tartu, gathering more than 2,000 participants.[22] As a result, open debates in the Estonian Parliament rephrased the government's initial support with a more careful approach to be informed by further consultations and analysis. Overall, the ACTA controversy in Estonia demonstrated the increasing awareness of and civic participation in internet freedom issues and intellectual property regulation.

Violations of User Rights

Freedom of speech and freedom of expression are protected by Estonia's constitution and by the country's obligations as an EU member state. Anonymity is unrestricted, and there have been extensive public discussions on anonymity and the respectful use of the internet. Internet access at public access points can be obtained without prior registration. The Personal Data Protection Act (PDPA), first passed in 1996, restricts the collection and public dissemination of an individual's personal data. No personal information that is considered sensitive – such as political opinions, religious or philosophical beliefs, ethnic or racial origin, sexual behavior, health, or criminal convictions – can be processed without the consent of the individual. The Data Protection Inspectorate (DPI) is the supervisory authority for the PDPA, tasked with "state supervision of the processing of personal data, management of databases and access to public information."[23] The current version of the PDPA came into force in 2008.[24]

The Electronic Communications Act was launched on January 1, 2005, aligning itself with EU legislation and replacing the Telecommunications Act. Since January 2008, electronic communications companies have been required to preserve traffic and location data as defined by the EU Data Retention Directive (2006/24/EC) for one year. Companies have been required to retain data on internet access, telephony, and email since March 2009, and must only retain such data that becomes known to them in the course of providing communications services. They must also only provide the surveillance agency or security authority with the information at their disposal when presented with a court order.[25]

There have been no physical attacks against bloggers or online journalists in Estonia, though online discussions are sometimes inflammatory. Following instances of online bullying and sexual harassment and the misuse of social media in 2009-2010, discussions and public awareness campaigns were recently launched to raise parental involvement in increasing the protection of children on the internet.

Awareness of the importance of ICT security in both private and business use has increased significantly since the cyberattacks that occurred in spring 2007. To protect the country from future attacks, the government adopted a five-year Cyber Security Strategy in 2008 that focuses on the development and implementation of new security measures, increasing competence in cyber security, improving the legal framework, bolstering international cooperation, and raising public awareness.[26] Estonia's cyber security strategy is built on strong private-public collaboration[27] and a unique voluntary structure through the National Cyber Defense League.[28] With more than 150 experts participating, the League has simulated different security threat scenarios over the past few years as defense exercises that have served to improve the technical resilience of Estonia's telecommunication networks and other critical infrastructure. Also in 2008, the North Atlantic Treaty Organization (NATO) established a joint cyberdefense center in Estonia to improve cyberdefense interoperability and provide security support for all NATO members. Since its founding, the center has supported awareness campaigns and academic research on the topic and hosted several high-profile conferences, among other activities.[29]

During the International Conference of Cyber Conflict held in Tallinn in June 2012, Toomas Hendrik Ilves, the President of Estonia, outlined recommendations toward international collaboration on cyber security.[30] His recommendations included raising global awareness on cyber security while maintaining freedom of access and the multi-stakeholder governance model for the internet.

10 The activities of the Estonian Internet Foundation are not subsidized from the state budget and the fee is established so that it is possible to cover infrastructure investments, operating costs and the reserve from it.

16 A public-key infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates which map public keys to entities, securely stores these certificates in a central repository, and revokes them if needed.